Re: SPA504G .asp

AntalVincz · ‎03-21-2020

Hi,

I have some used phones.

The phones request status.asp ang login.asp files.

Anybody know what is the files syntax?
And how to create this files?

Thank you.

Tony

ps.:Good luck, all members of the community and they family in this hard situation!

Dan Lukes · ‎03-21-2020

Virgin (factory default) phone is requesting neither status.asp not login.asp. If you phone is requesting them, it must be because (one of the following):

1. files in question are part of current configuration

2. phone is using DHCP and those names are delivered in a DHCP bootstrap option

3. phone is OEM, not the retail one, it have custom factory default

Until you will identify why the phone is asking those files (e.g. in which configuration option contains those names) their expected format will remain unknown.

For the completeness - virgin retail SPA504G phone is asking those files (unless overridden by DHCP):

/spa504G.cfg

/SPA504G/aabbccddeeff.cfg (where aabbccddeeff is the MAC of the phone in question)

Those files may be either in proprietary Cisco binary format or XML. See Provisionign guide for more details.

AntalVincz · ‎03-21-2020

Dear Dan,

Thank you for your answer.

The factory reset not possible, the option locked with unknown password.

I developed few solution remove the unknown password from SPA50x phones. My system is automatic. (I unlocked lot of phones)
But this case is new. This phones not require the /spa504g.cfg or the /SPA504G/aabbccddeeff.cfg files.

What DHCP option tell to the phone, the phone requiest this files? /spa504g.cfg or the /SPA504G/aabbccddeeff.cfg

Thank you

Tony

Dan Lukes · ‎03-21-2020

The factory reset not possible, the option locked with unknown password.

Common on RC units, can be done by authorized administrator even on retail units. What's the VID-PID printed on bottom of the phone ?

I developed few solution remove the unknown password from SPA50x phones.

So we are trying to break the authorized block installed on the phone. I will consider it scientific research.

This phones not require the /spa504g.cfg or the /SPA504G/aabbccddeeff.cfg files.

Unless commanded by DHCP, it mean it's configured to request them. Either because it's RC unit with customized factory-default configuration or because it's configured (and locked) retail unit.

Lets assume:

status.asp ang login.asp are requested because they are configured as Profile Rule and Profile Rule B

Each file can be configured as either unsecured file or targeted file or encrypted file.

Unsecured file is either plain XML or Cisco proprietary binary file. The later one can be compiled from plain text configuration by SPC compiler (available for download)
Encrypted file is unsecured file encrypted by AES256. Encryption key is supplied as optional [--key xxxx] parameter of Profile Rule.
Targeted file is like encrypted file, but it uses implicit key (e.g key is not explicitly defined in configuration, each phone have own fixed key). SPC compiler can prepare this kind of file.

Unsecured file is most easiest case for you. Just offer new configuration to phone. For example Admin Password. Targeted file is not as easy. You need to discover the encryption key used for particular phone. Did I mentioned the SPC compiler can prepare this kind of file ? No more hints is necessary. Encrypted file mean you need to guess configured encryption key or the file supplied can't be decrypted by phone. Good luck.

What DHCP option tell to the phone, the phone requiest this files? /spa504g.cfg or the /SPA504G/aabbccddeeff.cfg

/spa504g.cfg or the /SPA504G/aabbccddeeff.cfg are "factory default" (of retail unit) - no DHCP is necessary for those names.

If DHCP you wish use DHCP to supply other URL, a DHCP option configured in DHCP Option To Use needs to be used (option 66,160,159,150 by default).